
Using Solaris x86 as my Samba PDC

by Ed Hagihara (created 3/23/03)

I've always been fascinated by the prospect of having a Primary Domain Controller for my Windows network on a Linux or Unix machine. I've certainly learned a lot throughout this process and love the fact that with Open Source software, one can have the ability to set up a server with all of the functionality of a Windows PDC for free. However, there's no question that the initial learning curve was certainly difficult. If you want more detailed information, as always, I'd refer back to the source at www.samba.org.

Some notes:

  1. Joining a computer account to the domain is a two step process:
    1. First, you must add the computer to your unix user list as such (don't forget the $ at the end of the computername):

      /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false computername$

    2. Then you need to add it to your smbpasswd list of samba users like so (note there's no $ here at the end of the computername):

      /usr/local/samba/bin/smbpasswd -a -m computername
  2. Getting printing to work properly was just a MASSIVE pain - it was more than likely a user ID10T or an RTFM error, but here are some notes that I took on this anyhow.
    1. First, create the print queue on the Samba server. I used admintool under Solaris to make this work (Sun would prefer that you use the Solaris Management Console); you could probably use the printtool program under Linux to achieve the same thing. I have an HP Color LaserJet 4500DN with a JetDirect card, so I set it up as accessing a remote printer and made the printer share (in the [printers] section) in Samba. At this point, I still couldn't even get a printer to show up. Argh.
    2. Okay, so now I spent some time doing searches and figured out that I needed to create a printcap file under /etc as a printer definition file.  I found an existing one on the internet for a Laserjet 4500 and modified it without being really sure if it would work - to my fortune, it did.  Here's what my /etc/printcap file looks like - it's not the most optimal definition, but at least it seems to work:

      #/etc/printcap
      Laserjet4500:\
      :lp=192.168.1.222%9100:\
      :sd=/var/spool/lp/Laserjet4500:\
      :ab:\
      :ifhp=model=hp4500:
    3. After setting up the /etc/printcap file and restarting the smbd and nmbd daemons, then I was able to get the printer to at least show up.  And I could print to it, if I loaded the driver manually to each machine - nah, we can't very well have THAT... SO...
    4. ... NOW all I needed to do was to get it to be able to automatically load the printer drivers for Win2k when I wanted to print to the print server. This is where I ran into most of my troubles... After some MORE searching, I found one document that was able to get me most of the way there. The steps turned out to be something like this:
      1. Modify the smb.conf file and define some printer administrators and define who can write to the share.  Okay, I added:

        printer admin = Administrator admin root
        write list = Administrator admin root
      2. Then I had to define where I wanted the printer driver files to reside.  I decided to pick /usr/local/samba/printers (as referenced in the 'path = /usr/local/samba/printers' line in the [print$] section).
      3. After setting this up, then I had to create subdirectories under /usr/local/samba/printers where the printer installation files would go for each platform that Win2k supported, and gave full access permissions to each directory:

        mkdir W32X86 WIN40 W32ALPHA W32MIPS W32PPC
        chmod 777 .
      4. After the directory structure was created, I tried to upload the drivers to the server by going to my Win2k machine and ...

        - logged into the Win2k box as an administrative user
        - browsed to the PDC in the Network Neighborhood and went into the "Printers" folder
        - right-clicked on the printer, selected "properties", selected the "sharing" tab, and selected "additional drivers"
        - then I selected to add "Windows NT 4.0 or 2000" drivers and when I clicked on "ok", I ...

        ... got the error message " Unable to install the Intel, Windows NT 4.0 or 2000 driver. Operation could not be
        completed.".  *SIGH*.

        FINE. At this point, I'm royally pissed and tried and tried again. 4AM. Nothing. More searches. Okay, maybe it's the subdirectory "3" that it's supposed to create under PRINT$ when loading drivers. Nope. It's there. What else? Okay, let's try copying the drivers manually. Nope. No luck. Tried some more stuff, rebooted, nothing. Finally at some point in all of this, I got an error that mentioned that I didn't have permission to add drivers. DUH. Directory permissions! Of course - how could I be SO stupid?! Checked the permissions of all the subdirectories under /usr/local/samba/printers and realized that the directory "3" (where the drivers themselves were supposed to reside) was set at 744 (rwx r-- r--). Great! Erased everything under the "3" directory, and set the umask to 002, retried it, and lo and behold, it worked!
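The failure above came down to directory modes: `chmod 777 .` changes only the directory it is run in, and the "3" subdirectory ended up at 744. The following is an added example, not part of the original page, that builds the same driver tree with group write access instead of mode 777 and lists any directory whose mode would cause trouble. The function names and the choice of a Unix group for the printer admins are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The group is an assumption:
# the page names printer admins (Administrator admin root) but no Unix group.

# Create the per-architecture driver directories under the [print$] path
# with group write access instead of mode 777.
make_driver_tree() {
    root=$1
    group=$2
    for arch in W32X86 WIN40 W32ALPHA W32MIPS W32PPC; do
        mkdir -p "$root/$arch" || return 1
    done
    chgrp -R "$group" "$root" || return 1
    # 2775: owner and group can write, others can only read and traverse.
    # The setgid bit makes new subdirectories (such as "3") keep the group.
    find "$root" -type d -exec chmod 2775 {} \;
}

# List directories that lack group write (like the 744 "3" directory,
# which blocks uploads for users who have access only through the group)
# or that anyone on the system can write to.
audit_driver_tree() {
    find "$1" -type d \( -perm -0002 -o ! -perm -0020 \) -print
}

# Usage: sh driver_tree.sh /usr/local/samba/printers <group>
if [ "$#" -eq 2 ]; then
    make_driver_tree "$1" "$2" && audit_driver_tree "$1"
fi
```

An empty result from audit_driver_tree means every directory in the tree is group-writable and none is world-writable.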

    Anyhow, here is MY smb.conf file for my Solaris-based Primary Domain Controller.  Relevant settings are in bold. I left in the commented fields so you can see what each entry that I used stands for.  I also have WINS running on my PDC, so this configuration is set up for that as well.

    # ====== Global Settings ======

    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name

    workgroup = Put your workgroup or domain name here
    netbios name = Put the name of your computer here

    # server string is the equivalent of the NT Description field

    server string = Put your NT description here

    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this

    printcap name = /etc/printcap
    load printers = yes


    # It should not be necessary to spell out the print system type unless
    # yours is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx

    printing = bsd

    # this tells Samba to use a separate log file for each machine
    # that connects

    log file = /var/log/samba/log.%m

    # Put a capping on the size of the log files (in Kb).

    max log size = 50

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.

    security = USER 

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents

    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd

    # The following are needed to allow password changing from Windows to
    # update the Linux system password also.
    # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    # NOTE2: You do NOT need these to allow workstations to change only
    # the encrypted SMB passwords. They allow the Unix password
    # to be kept in sync with the SMB password.

    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

    # Unix users can map to different SMB User names

    username map = /etc/smbusers

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Cause this host to announce itself to local subnets here

    remote announce = Put your local subnet here.  Example: 192.168.1.255

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply

    domain master = TRUE
    domain admin group = put your domain admin group here
    local master = yes

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable

    os level = 64 

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job

    domain master = yes 

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election

    preferred master = yes

    # Enable this if you want Samba to be a domain logon server for 
    # Windows95 workstations. 

    domain logons = yes

    # run a specific logon batch file per username

    logon script = logon.bat

    # All NetBIOS names must be resolved to IP Addresses
    # 'Name Resolve Order' allows the named resolution mechanism to be specified
    # the default order is "host lmhosts wins bcast". "host" means use the unix
    # system gethostbyname() function call that will use either /etc/hosts OR
    # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
    # and the /etc/resolv.conf file. "host" therefore is system configuration
    # dependent. This parameter is most often of use to prevent DNS lookups
    # in order to resolve NetBIOS names to IP Addresses. Use with care!
    # The example below excludes use of name resolution for machines that are NOT
    # on the local network segment
    # - OR - are not deliberately to be known via lmhosts or via WINS.

    name resolve order = wins lmhosts bcast

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server

    wins support = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.

    dns proxy = yes 

    #==== Share Definitions ====

    [homes]
    # Set up home directories of individual users to be shared. 
    comment = Home Directories
    browseable = no
    writable = yes

    [netlogon]
    # This is the netlogon directory where you can create a logon.bat script to map drives, etc.
    comment = Network Logon Service
    path = /mnt/netlogon
    guest ok = yes
    writable = no
    share modes = no
    read only = yes 

    # NOTE: If you have a BSD-style print system there is no need to 
    # specifically define each individual printer

    [printers]
    # This is my printer share
    comment = All Printers
    path = /var/spool/samba
    browseable = yes
    printer = Laserjet4500
    public = yes
    guest ok = yes
    writable = no
    printable = yes

    [print$]
    # This is the hidden share where printer drivers reside to be automatically loaded
    path = /usr/local/samba/printers 
    guest ok = yes
    browseable = yes
    read only = yes
    write list = I believe this is the list of people who can add printer drivers.
    printer admin = Put your list of printer admins here

    [share]
    # Path to my general share accessible to valid users in the domain
    path = /mnt/share  
    public = yes
    writable = yes
    guest only = no
    browsable = yes

    [iso]
    # Path to .iso images - see my CD server document
    path = /mnt/iso 
    public = yes
    writable = no
    guest only = yes
    browsable = yes

    [mounted_cds]
    # Path to the .iso images that are mounted - see my CD server document 
    path = /mnt/cdmounts  
    public = yes
    writable = no
    guest only = yes
    browsable = yes
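
An added example, not part of the original page: a small shell/awk audit for an smb.conf like the one above. It reports parameters set more than once in a section, directly or through a synonym (as with `domain master` in [global]), and shares that allow both guest access and writes (as [share] does with `public = yes` and `writable = yes`). The function names and the sample input are made up for this example; audit_smbconf reads a file given as an argument or standard input.

```shell
#!/bin/sh
# Added example, not from the original page: flag guest-writable shares and
# parameters set more than once (Samba keeps the last value it reads).
audit_smbconf() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec != "" && guest && !ro) print "GUEST-WRITABLE [" sec "]"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
    /^[ \t]*\[/ {                              # new section header
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = 0; ro = 1                      # Samba defaults
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Fold synonyms: public = guest ok; writable = inverted read only.
        if (key == "public") key = "guestok"
        if (key == "writable" || key == "writeable" || key == "writeok") {
            key = "readonly"; val = truthy(val) ? "no" : "yes"
        }
        if (seen[sec, key]++) print "DUPLICATE [" sec "] " key
        if (key == "guestok") guest = truthy(val)
        if (key == "readonly") ro = truthy(val)
    }
    END { report() }' "$@"
}

# Constructed sample, reduced from the smb.conf above.
sample_conf() {
    cat <<'EOF'
[global]
    domain master = TRUE
    domain master = yes
[netlogon]
    guest ok = yes
    writable = no
    read only = yes
[share]
    # Path to my general share
    path = /mnt/share
    public = yes
    writable = yes
EOF
}
```

Parameter names are printed with spaces removed, so `read only` appears as `readonly`.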

     


    © 2002-2003 - Edward Hagihara and Ms. Phitt, Web Site Development by Ms. Phitt